PhishLabs security researchers have found a new way of phishing that allows hackers to use the phone-side URL address bar to lead the user into the phishing site. At present, this means has a lot of users in the mobile side of Facebook users have in the move.
Researchers revealed that the new attack strategy relied on the mobile browser URL address bar is too narrow, thus hindering the user to view all the links to the content of the vulnerability. It is reported that hackers use subdomains and hyphens and other characters to fill the URL, so that the entire link in the mobile device looks extremely real, but once the user will be directed to the phishing site.
In addition, the company also provides an example, such as-hxxp: //m.facebook.com, where http has been replaced by hxxp. And most of the time the user can not clearly distinguish, but they are already visiting a phishing site. They will be in the URL of all the action will be their own data transmission to the hands of hackers, and hackers will use these data through spam to send the phishing URL to users around the friends, thus infecting more users.
In fact, this has been on the PC side, but because the PC side of the address bar is longer, some fishing sites easy to see through. In the mobile side, URL fill method is very effective to cover up the real domain name of the site, mobile users is difficult to find this problem. The solution to this problem is to confirm and check the full domain name, not just the HTTP part, because every character error may enter the phishing site. In addition, the security scan, shielding most phishing sites and do not click on the SMS and e-mail link, because these links are more dangerous, if necessary, must be carefully checked.
